package org.hnxxxy.ebms.config;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.hnxxxy.ebms.pojo.Permission;
import org.hnxxxy.ebms.pojo.Role;
import org.hnxxxy.ebms.pojo.RolePermission;
import org.hnxxxy.ebms.service.PermissionService;
import org.hnxxxy.ebms.service.RolePermissionService;
import org.hnxxxy.ebms.service.RoleService;
import org.hnxxxy.ebms.util.JWTUtil;
import org.hnxxxy.ebms.util.JwtToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * @Description: 自定义的Realm
 * @Author WANGWEI
 * @Date: 2021/1/20  20:13
 * @EMAIL: 1377366738@qq.com
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private RoleService roleService;

    @Autowired
    private RolePermissionService rolePermissionService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private RedisTemplate<String,Object> redisTemplate;


    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        String token = principalCollection.getPrimaryPrincipal().toString();
        Role role = (Role)redisTemplate.opsForValue().get(token);
        // 获取权限
        QueryWrapper<RolePermission> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("role_id",role.getRoleId());
        List<RolePermission> list = rolePermissionService.list(queryWrapper);
        Set<Integer> set = new HashSet<>();
        list.forEach(rolePermission -> {
            set.add(rolePermission.getPermissionId());
        });
        List<Permission> permissions = permissionService.listByIds(set);
        Set<String> permiss = new HashSet<>();
        permissions.forEach(permission -> {
            permiss.add(permission.getPermissionName());
        });
        simpleAuthorizationInfo.setStringPermissions(permiss);
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String token = (String)authenticationToken.getCredentials();
        // 从redis中获取用户信息进行判断
        Role role = (Role)redisTemplate.opsForValue().get(token);
        // 判断当前用户
        if (role != null){
            Integer roleId = role.getRoleId();
            if (JWTUtil.verify(token,roleId,role.getIsTeacher())){
                return new SimpleAuthenticationInfo(token,token,getName());
            }
        }
        Integer id = JWTUtil.getId(token);
        // 从数据库查询用户信息
        Role byId = roleService.getById(id);
        if (byId!=null){
            redisTemplate.opsForValue().set(token,byId);
            return new SimpleAuthenticationInfo(token,token,getName());
        }
        return null;
    }
}
